<?php
require_once ('../config/path_config.php');
require_once(ROOTDIR."admin/admin-header.php");
require_once(ROOTDIR."common/db_utils.php");

// 1. 允许管理员进入密码修改页面
$isAllowAccess = isset($_SESSION['administrator']);
// 2. 允许老师进入密码修改页面
if ( !$isAllowAccess ) {
    $isAllowAccess = isset($_SESSION['teacher']);
}
// 3. 允许机构管理员进入密码修改页面
if ( !$isAllowAccess ) {
    $isAllowAccess = isset($_SESSION['jgadmin']);
}

if (!$isAllowAccess ){
	echo "<a href='../loginpage.php'>Please Login First!</a>";
	exit(1);
}

// 进行密码修改操作
if( isset($_POST['do']) )
{
	require_once("../include/check_post_key.php");
	require_once("../include/my_func.inc.php");
	
	$user_id=$_POST['user_id'];
    $passwd =$_POST['passwd'];
    echo $passwd;
    if (get_magic_quotes_gpc ()) {
		$user_id = stripslashes ( $user_id);
		$passwd = stripslashes ( $passwd);
	}

	// 老师修改学生密码，需要判断该学生是否属于该教师下的同学
	if ( isset($_SESSION['teacher']) && !isset($_SESSION['jgadmin']) ) {
        $sql="select count(*) from teacher_teach_stu where teacher_uid=? and stu_uid=?";
        $teacher_id = $_SESSION['user_id'];
        $result = DbUtil::getInstance()->query($sql, $teacher_id, $user_id);
        if ( $result[0][0] == 0 ) {
            echo "<br/><br/>&nbsp;&nbsp;该学员不属于您的学生,不可修改他的密码";
            exit(1);
        }
    }

	$passwd=pwGen($passwd);
	$sql="update `users` set `password`=? where `user_id`=?  and user_id not in( select user_id from privilege where rightstr='administrator') ";
	if ( DbUtil::getInstance()->query($sql,$passwd,$user_id)==1 ) {
        echo "密码修改成功!";
    }
    else {
        echo "No such user! or He/Her is an administrator!";
    }
}
?>
<div class="container">
<form action='changepass.php' method=post>
	<b>修改密码:</b><br />
    用户名:<input type=text size=10 name="user_id"><br />
	密码:&nbsp;&nbsp;&nbsp;&nbsp;<input type=text size=10 name="passwd"><br />
	<?php require_once("../include/set_post_key.php");?>
	<input type='hidden' name='do' value='do'>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
	<input type=submit value='提交'>&nbsp;&nbsp;&nbsp;&nbsp;
    <input type=reset value='重置'>
</form>
</div>
